[CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux
Brunner, Brian T.
BBrunner at gai-tronics.com
Wed May 26 14:54:32 UTC 2010
>
> you can't make a useful argument out of ignorance.
You are being religious, and wrong. See below.
> If you don't want to use SELinux, then disable it.
This is a good idea. Disabling SELinux is the first thing that should
be done, since (as this conversation proves plainly) what we don't know
CAN hurt us, this is a useful argument arising out of ignorance.
> Otherwise, learn to understand how it operates and deal with it.
SELinux should (my religion) be disabled by default, and enabled to the
degree the victim err administrator understands what to expect when
SELinux is enabled, and iff said administrator desires the aforehinted
effects.
> one certain way to cause issues with SELinux is to copy files
> created in other directories or other computers onto another
> computer because it will not have the proper security
> contexts so the way to fix that is to make sure your policy
> files are all up to date and then relabel your file system
> which should set the contexts to their proper labels.
My religion:
1: Disable SELinux.
2: If you think you need whatever SELinux offers, get a degree in
SELinux administration sufficient to understand the ramifications of the
(potential) policies.
3: Enable SELinux to the degree needed.
I've not yet seen a reason to enable SELinux. Ever. Anywhere. It is
*that* badly presented to the administrators who (would) suffer it. It
has (for me) broken things that were before working, it has fixed
nothing that was before broken, it has been nothing but one more cadre
of magicians-of-dubious-value in Pharaoh's Court.
*******************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom
they are addressed. If you have received this email in error please
notify the system manager. This footnote also confirms that this
email message has been swept for the presence of computer viruses.
www.Hubbell.com - Hubbell Incorporated**
More information about the CentOS
mailing list